Colin Woodland, VP EMEA at IronKey, outlines the issues business and IT must face as they continue the push towards mobility. He warns that without the right preparation, the move towards mobile workforce holds potentially hidden and debilitating costs.
With IDC forecasting that the global mobile workforce will grow to nearly 1.2 billion people by 2013, organisations must consider if they can afford this change in operations.
While productivity gains outweigh capital costs, the very real costs of data circulating outside the safe confines of the office could make a mobile workforce much less attractive. Embarrassing data breaches, government fines and stolen intellectual property are some of the very real costs of a mobile workforce today.
The mobile data landscape
The move towards a truly mobile workforce is accelerating at a blindingly fast pace. IDC estimates that there are already over one billion mobile workers worldwide. Laptops, netbooks and USB flash drives allow workers to access, remove and store large amounts of data and take it outside the relatively safe confines of your corporate offices. There's no doubt about the productivity gains and benefits of a mobile workforce.
But, the surprising cost of what can happen to your business data as it leaves the office every day may dramatically outweigh the benefits of mobility. Today, the impact of intellectual property theft and fines levied by UK regulators can make one lost laptop or flash drive a disaster waiting to happen. The Ponemon Institute found the average cost of a data breach in the UK reached £1.68 million in 2009. How many managers thought it couldn't happen to their organisation?
If business and IT leaders don't address data protection before it's too late, a mobile workforce can be a one-way ticket to a costly and unsightly end.
The unseen cost of a mobile workforce
Already in the UK, over 500 organisations have reported to the Information Commissioner's Office a lost laptop, flash drive, or other portal device since the beginning of 2007. Of course, this is just the tip of the iceberg. Most incidents went unreported but can still come back to haunt businesses. Between April 2008 and March this year BBC staff reported that 146 laptops had been lost or stolen. The UK's MoD reported losing 215 USB flash drives over the last two years. In both cases, how many lost or stolen devices went unreported? How many get lost in your organisations?
Unlike before, the ICO now has the power to levy £500,000 fines for each breach. Given past history, it's not a matter of will a mobile worker be responsible for the next breach, but when. What would your business do if faced with a multi-million pound bill following a data breach?
Even if data is not sensitive and regulated, what would the impact be of your competitors accessing your current sales forecast, customer lists, or upcoming financial statements?
Making all of this a non-issue
The issue of employees' losing data or being victims of theft will likely never change. Humans make mistakes and can be the victim of crime almost anywhere. However, doing nothing before this occurs will not be excusable in the eyes of management or the board.
Today, technology exists to protect your business data on portable devices such as flash drives. Encryption is readily available that makes data accessible and usable for only authorised employees. The ICO recognises that even if encrypted data is lost or stolen it is not vulnerable to compromise. The ICO has been very clear in advising businesses to encrypt all data which mobile workers access, remove and store on their mobile computing devices.
A window of opportunity
However, I would suggest businesses, to be ready to respond to the inquiries of regulators, go beyond just simple encryption and implement an auditable data protection record. This way questions regulators may ask can be easily answered. The ideal solution is a managed service, which would allow the IT department to manage the encrypted devices so they can track and ultimately destroy any data that is lost or stolen.
This doesn't give carte blanche for mobile workers to treat devices without a care, but most importantly it gives your business the assurance that data cannot be misused if lost. And critically important in today's regulatory environment, your business is safeguarded from fines and resulting consequences following a data breach.
So whether you're reading this in the server room or the boardroom, it is time to re-evaluate your mobile workforce program. If data security isn't at the top of your priorities, there's still time to make a change before it's too late.